5 files changed, 168 insertions, 0 deletions

diff --git a/nist/README.md b/nist/README.md
new file mode 100644
index 0000000..674e9dd
--- /dev/null
+++ b/nist/README.md
@@ -0,0 +1,11 @@
+`TestVectorGen.zip` was retrieved on [NIST's website] ([direct link]).
+
+`make-package.sh` will take create the directory structure specified
+by [NIST's requirements], compile and run `TestVectorGen.zip`'s
+`genkat_aead.c` against every member of the Lilliput-AE family, and
+bundle the sources and the vectors into a tarball.
+
+
+[NIST's website]: https://csrc.nist.gov/projects/lightweight-cryptography
+[direct link]: https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/TestVectorGen.zip
+[NIST's requirements]: https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/final-lwc-submission-requirements-august2018.pdf
diff --git a/nist/TestVectorGen.zip b/nist/TestVectorGen.zip
new file mode 100644
index 0000000..938d9a8
--- /dev/null
+++ b/nist/TestVectorGen.zip
diff --git a/nist/api.h b/nist/api.h
new file mode 100644
index 0000000..c952db3
--- /dev/null
+++ b/nist/api.h
@@ -0,0 +1,12 @@
+#ifndef API_H
+#define API_H
+
+#include "parameters.h"
+
+#define CRYPTO_KEYBYTES  KEY_BYTES
+#define CRYPTO_NSECBYTES 0
+#define CRYPTO_NPUBBYTES NONCE_BYTES
+#define CRYPTO_ABYTES    TAG_BYTES
+#define CRYPTO_NOOVERLAP 1
+
+#endif /* API_H */
diff --git a/nist/encrypt.c b/nist/encrypt.c
new file mode 100644
index 0000000..a33a2f5
--- /dev/null
+++ b/nist/encrypt.c
@@ -0,0 +1,48 @@
+#include <stdbool.h>
+
+#include "crypto_aead.h"
+#include "lilliput-ae.h"
+
+
+int crypto_aead_encrypt(
+    unsigned char *c, unsigned long long *clen,
+    const unsigned char *m, unsigned long long mlen,
+    const unsigned char *ad, unsigned long long adlen,
+    const unsigned char *nsec,
+    const unsigned char *npub,
+    const unsigned char *k
+)
+{
+    (void)nsec;
+
+    lilliput_ae_encrypt(mlen, m, adlen, ad, k, npub, c, c+mlen);
+    *clen = mlen + TAG_BYTES;
+
+    return 0;
+}
+
+
+int crypto_aead_decrypt(
+    unsigned char *m, unsigned long long *mlen,
+    unsigned char *nsec,
+    const unsigned char *c, unsigned long long clen,
+    const unsigned char *ad, unsigned long long adlen,
+    const unsigned char *npub,
+    const unsigned char *k
+)
+{
+    (void)nsec;
+
+    size_t tagless_len = clen-TAG_BYTES;
+
+    bool valid = lilliput_ae_decrypt(
+        tagless_len, c, adlen, ad, k, npub, c+tagless_len, m
+    );
+
+    if (!valid)
+        return 1;
+
+    *mlen = tagless_len;
+
+    return 0;
+}
diff --git a/nist/make-package.sh b/nist/make-package.sh
new file mode 100755
index 0000000..009d997
--- /dev/null
+++ b/nist/make-package.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+set -Eeu
+
+# Generate NIST's expected tree:
+#
+# crypto_aead
+# │
+# └── lilliputae${mode}${keylen}v1
+#     │
+#     ├── add_${someimplementation}
+#     │   ├── api.h
+#     │   └── encrypt.c
+#     │
+#     ├── add_${someplatform}
+#     │   ├── api.h
+#     │   └── encrypt.c
+#     │
+#     ├── ref
+#     │   ├── api.h
+#     │   └── encrypt.c
+#     │
+#     └── LWC_AEAD_KAT_${keylen}_120.txt
+
+NIST_DIR=$(dirname $0)
+ROOT=${NIST_DIR}/..
+TMP_DIR=$(mktemp -d)
+
+cleanup ()
+{
+    rm -r ${TMP_DIR}
+}
+
+trap cleanup ERR
+
+
+add-variant ()
+{
+    mode=$1
+    key_length=$2
+    variant=lilliputae${mode}${key_length}v1
+    dest=${TMP_DIR}/crypto_aead/${variant}/ref
+
+    mkdir -p ${dest}
+    cp ${ROOT}/crypto_aead/${variant}/ref/_parameters.h ${dest}
+    cp ${NIST_DIR}/{api.h,encrypt.c} ${dest}
+
+    source_files=(
+        ae-common.h
+        cipher.{c,h}
+        constants.{c,h}
+        lilliput-ae{.h,-${mode}.c}
+        parameters.h
+        tweakey.{c,h}
+    )
+
+    for f in ${source_files[@]}
+    do
+        cp ${ROOT}/src/${f} ${dest}
+    done
+}
+
+test-variant ()
+{
+    mode=$1
+    key_length=$2
+    variant=lilliputae${mode}${key_length}v1
+    dest=${TMP_DIR}/crypto_aead/${variant}
+    src=${dest}/ref
+
+    genkat=${TMP_DIR}/${variant}
+
+    nist_flags=(-std=c99 -Wall -Wextra -Wshadow -fsanitize=address,undefined -O2)
+
+    gcc ${nist_flags[@]} -Werror -I${src} -I${TMP_DIR} \
+         ${src}/*.c ${TMP_DIR}/genkat_aead.c -o ${genkat}
+
+    ${genkat}
+
+    mv LWC_AEAD_KAT_${key_length}_120.txt ${dest}
+}
+
+
+unzip ${NIST_DIR}/TestVectorGen.zip -d ${TMP_DIR}
+
+for mode in i ii
+do
+    for key_length in 128 192 256
+    do
+        add-variant ${mode} ${key_length}
+        test-variant ${mode} ${key_length}
+    done
+done
+
+tar czf lilliput-ae.tgz -C ${TMP_DIR} crypto_aead
+
+cleanup